NASLDB: PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow
General
ID: 60086
Name: PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow
Summary: Checks version of PHP
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:POC/RL:OF/RC:C
Port: 80
Family: CGI abuses
Type: Remote
Description
According to its banner, the version of PHP installed on the remote
host is 5.4.x earlier than 5.4.5, and is, therefore, potentially
affected by an unspecified overflow vulnerability in the function
‘_php_stream_scandir’ in the file ‘main/streams/streams.c’.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2012-2688
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/07/19
Patch Release: 2012/07/19
Plugin Release: 2012/07/20
Plugin
Version: 1.4
Filename: php_5_4_5.nasl
Filesize: 3107 bytes
MD5 Hash: 4264c0a1ae8388cff55507ccff0ae23a
Identification: www/php/’port‘/backported
Require Keys: www/PHP
Dependencies: "php_version.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack